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CAROLYN D. THOMAS, Administrative Patent Judges. 

BARRY, Administrative Patent Judge. 



DECISION ON APPEAL 1 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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STATEMENT OF THE CASE 
The Patent Examiner rejected claims 1-24. The Appellant appeals 
therefrom under 35 U.S.C. § 134(a). We have jurisdiction under 35 U.S.C. 
§ 6(b). 



Invention 

The Appellant describes the invention at issue on appeal as follows. 

[A] plurality of ingress routers [are] coupled to egress routers 
for communication utilizing the network-based VPN [i.e., 
virtual private network] protocol that logically partitions intra- 
VPN and extra- VPN traffic, such that denial of service attacks 
on the access link originating from sources outside the VPN are 
prevented. In other words, traffic in a particular VPN is 
separated or partitioned based on the source of the traffic, 
i.e., whether the traffic originated within the VPN (intra- 
VPN) or outside of the VPN (extra-VPN). 

(Appeal Br. 7.) 



Representative Claim 

1 . A network system providing a virtual private network 
(VPN), said network system comprising: 

one or more egress routers having connections to an 
access network including an access link, wherein said one or 
more egress routers transmit intra- VPN traffic to a destination 
host belonging to the VPN from sources within the VPN within 
a first access network logical connection for intra- VPN traffic 
and all extra- VPN traffic to the destination host from sources 
outside the VPN within a second access network logical 
2 
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connection for extra- VPN traffic, separate from the first access 
network logical connection; and 

a plurality of ingress routers coupled to the one or more 
egress routers for communication utilizing a network-based 
VPN protocol that logically partitions intra- VPN and extra- 
VPN traffic, such that denial of service attacks on said access 
link originating from sources outside the VPN are prevented. 

Rejections 

Claims 1, 3-9, 11-16, and 18-22 stand rejected under 35 U.S.C. 
§ 102(b) as anticipated by U.S. Patent No. 5,768,271 ("Seid"). 

Claim 23 stands rejected under 35 U.S.C. § 103(a) as unpatentable 
over Seid. 

Claims 1-24 stand rejected under § 103(a) as unpatentable over the 
Appellant's admitted prior art and Seid. 

ISSUE 

The Appellant stipulates that "all of the appealed claims stand or fall 
together as a group with exemplary independent claim 1." (Appeal Br. 6.) 
Therefore, we will decide the appeal of claims 1-24 based on claim 1 alone. 
The Examiner find that "Seid discloses a network system providing a virtual 
private network (VPN), said network system comprising: one or more egress 
routers having connections to an access network including an access link 
(Figs. 1-3) . . . ." (Ans. 3.) The Appellant argues that "Nothing, repeat 
nothing, is said about segregating, within the same VPN, intra- VPN 
traffic from extra- VPN traffic." (App. Br. 10.) Therefore, the issue before 
us is whether the Examiner erred in finding that Seid logically partitions 
intra- VPN and extra- VPN traffic by transmitting traffic from sources within 
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the VPN to a destination belonging to the VPN via a first access network 
logical connection and transmitting traffic from sources outside the VPN to 
the destination via a second access network logical connection. 

FINDINGS OF FACT 
Figure 1 of Seid follows. 




"FIG. 1 is a schematic block diagram of a frame relay network having a 
plurality of prior art virtual private networks . . . ." (Col. 4, 11. 31-33.) 

ANALYSIS 

"It is axiomatic that anticipation of a claim under § 102 can be found only 
if the prior art reference discloses every element of the claim, and that 
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anticipation is a fact question . . . ." In re King, 801 F.2d 1324, 1326 (Fed. 
Cir. 1986) (citing Lindemann Maschinenfabrik GMBH v. Am. Hoist & 
Derrick Co., 730 F.2d 1452, 1457 (Fed. Cir. 1984)). Here, the network 
shown in Figure 1 of Seid logically partitions intra- VPN and extra- VPN 
traffic. More specifically, it transmits traffic from sources within VPN3 
(viz., the rightmost and bottommost nodes in VPN3) to a destination 
belonging to the VPN (viz., the leftmost node in VPN3) via a first access 
network logical connection (viz., the double-headed arrows connecting the 
three nodes in VPN3). It also transmits traffic from sources outside the VPN 
(e.g., NODE D) to the destination (viz., the leftmost node in VPN3) via a 
second access network logical connection (viz., the double-headed arrow 
connecting NODE D to the leftmost node in VPN3). 

Based on the aforementioned facts and analysis, we conclude that the 
Examiner did not err in finding that Seid logically partitions intra- VPN and 
extra- VPN traffic by transmitting traffic from sources within the VPN to a 
destination belonging to the VPN via a first access network logical 
connection and transmitting traffic from sources outside the VPN to the 
destination via a second access network logical connection. 

DECISION 
We affirm the rejections of claims 1-24. 
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No time for taking any action connected with this appeal may be 
extended under 37 C.F.R. § 1.136(a)(1). See 37 C.F.R. § 1.136(a)(l)(iv). 



AFFIRMED 
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